Hacker Andrew Auernheimer was recently found guilty of hacking AT&T's website. The jury quickly accepted the charges of identity fraud and conspiracy to access a computer without authorization. In 2010, with the help of fellow hacker Daniel Spitler, Auernheimer discovered a hole in AT&T's website that allowed him to get iPad users email addresses. He accomplished this after realizing that when the website was provided with an ICC-ID, a unique identifier used to authenticate those using iPads on AT&T's network, it displayed the user's email address. Once this scheme was brought out, Auernheimer programed a script that automatically recorded the email addresses. The hackers called this the "iPad 3G Account Slurper" and were able to use it to obtain about 120,000 iPad users emails. The two hackers eventually reported this breach on the Gawker website and tried to defend themselves as bring the security hole to attention of the public, but the prosecutors accused that their interest went beyond that of the security of customer data. This accusation became even more obvious after the court obtained 150 pages of chat logs that eventually brought Auernheimer down.
This hack shows that AT&T needs to tighten its controls, especially since it doesn't seem that this hole was that complex to figure out. One of the areas of highest concern is that some of the emails obtained were from iPad users in the government, military, and NASA. If hackers were able to get this information relatively easy, it makes you wonder what they can obtain when using more intricate measures.
This hack shows that AT&T needs to tighten its controls, especially since it doesn't seem that this hole was that complex to figure out. One of the areas of highest concern is that some of the emails obtained were from iPad users in the government, military, and NASA. If hackers were able to get this information relatively easy, it makes you wonder what they can obtain when using more intricate measures.